Midmarket Cybersecurity Investments Growing

Security posture concerns to bolster IT investments for next 12 months

No longer able to fly under the radar of their higher-profile counterparts as targets for hackers, midmarket companies are devoting more staff and budget to defending their networks and data against cyber attacks. But as IT leaders have cautioned previously, deep pockets do not guarantee that a company is ever 100 percent secure.

This week’s report from Deloitte showed that 38 percent of private companies in the midmarket are prioritizing information security as their top IT investment for the next 12 months, from implementing new information security processes to preventing threats through advanced monitoring and detection and expanding employee education programs.

In the midmarket, where budgets are limited and staff members shoulder multiple responsibilities, the need to “keep the wheels on” may carry more weight than the desires of security professionals to “take it to the next level,” according to Mitch Taylor, CIO and Dir. of IT Security at Ingomar Packing in California.

With GDPR, regulatory industry audits, ransomware and breach threats looming daily, it’s no longer feasible to focus solely on IT and think security posture is being managed off to the side, he added.

For many midmarket companies with limited resources, Neill Feather, CEO of SiteLock, a leading website security provider, said one of the biggest challenges is execution on planned projects.

“As a CISO in the midmarket space, it’s important to follow security and privacy best practices when it comes to collecting and storing customer information. With the rise of other privacy-oriented regulations, like the recent California Consumer Privacy Act, it’s important to not only have these practices in place, but to stay abreast of what’s out there, so you don’t fall behind.”

According to a recent report from Kaspersky, security budgets are growing this year, up from $201,000 in 2017 to $246,000 in 2018 for SMBs. Another uniquely midmarket trend, for companies that can’t yet afford a qualified, full-time CISO, is opting for the “CISO for hire” model to help evaluate overall preparedness, offer periodic progress assessments and even lead training sessions.

More than half of Deloitte’s midmarket executive survey respondents cited cyber risk and governance as top areas of concern for board directors and C-suites.

Stephan Hundley, Dir. of Governance, Digital Risk and Security at TTX, advises that cyber risk decisions cannot be made exclusively by one executive or stakeholder. Building a board of VPs and line-of-business leaders, as well as a governance committee of representatives from support organizations like finance, HR and legal, to help drive the company’s corporate governance guidelines is a key first step to building a defensible security program.

When Ingomar’s production season slows later this year, Taylor said he’s eager to focus some time on securing operational equipment and devices that have been in place for a decade or more.

“This is not like a desktop that’s easily upgraded every three years,” he said, frustrated by a lack of resources to support operational technology. “Most of my colleagues keep themselves separate from that, but if operational technology is left to high-level technicians who focus on keeping the machines running more than keeping them secure, that’s a recipe for disaster over time.”